Incident Response and Computer Network Forensics
Incident Response and Computer Forensics
Incident response is the term used to describe the steps an organization takes when a security breach or cyber attack is detected. The process begins with identifying the incident when it is first reported, such as unauthorized access, file deletion, or any other activity that violates company policy. An investigation then determines the nature and extent of the breach, followed by containment, which involves isolating affected systems or temporarily shutting down services. Eradication is the next step, in which the incident's root cause is identified and removed. Recovery then returns the affected systems to regular operation. Finally, a review is conducted to learn from the incident and improve future responses. The incident report is a crucial part of the process: it documents the details of the incident and the response, and that documentation supports adjusting future response procedures as necessary.
Network forensics is a branch of digital forensics that deals with monitoring and analyzing computer network traffic for information gathering, legal evidence, or intrusion detection.
The paper below discusses a scenario in which personally identifiable information (PII) was made publicly available on the Internet and the evidence collected in response to the incident. The incident response plan outlines the processes for gathering legally admissible evidence for the legal case. The paper applies the techniques and methods explored during the course.
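As an added example, not part of the paper or the course material, the following Python script shows one way to preserve the integrity of collected evidence so that it can later be shown to be unaltered: each item is hashed with SHA-256 at acquisition, custody transfers are logged with UTC timestamps, and a later re-hash detects any modification. The case identifier, analyst names and the web-server log line are constructed for the example.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large disk images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire_evidence(path, collector, case_id):
    """Create an evidence record: acquisition hash plus the first custody entry."""
    return {
        "case_id": case_id,
        "item": os.path.basename(path),
        "size_bytes": os.path.getsize(path),
        "sha256": sha256_file(path),
        "custody": [
            {"action": "acquired", "by": collector,
             "at": datetime.now(timezone.utc).isoformat()}
        ],
    }


def transfer_custody(record, from_person, to_person):
    """Append a hand-over entry; the record itself is never rewritten, only extended."""
    record["custody"].append({
        "action": "transferred", "from": from_person, "to": to_person,
        "at": datetime.now(timezone.utc).isoformat(),
    })
    return record


def verify_evidence(record, path):
    """Re-hash the item and compare with the acquisition hash.

    Returns (ok, current_hash); ok is False if the file changed since acquisition.
    """
    current = sha256_file(path)
    return current == record["sha256"], current


def demo():
    """Walk through acquisition, hand-over, verification and a detected modification."""
    with tempfile.TemporaryDirectory() as workdir:
        log_path = os.path.join(workdir, "access.log")
        # Constructed sample: one web-server log line showing a customer export being fetched.
        with open(log_path, "wb") as handle:
            handle.write(b'203.0.113.5 - - [01/Jan/2024:00:00:00 +0000] '
                         b'"GET /export/customers.csv HTTP/1.1" 200 1024\n')

        record = acquire_evidence(log_path, "analyst-a", "CASE-EXAMPLE-001")  # placeholder ids
        transfer_custody(record, "analyst-a", "analyst-b")
        ok_before, _ = verify_evidence(record, log_path)

        # Simulate the file being altered after acquisition (e.g. a log rotated or edited).
        with open(log_path, "ab") as handle:
            handle.write(b"late entry\n")
        ok_after, _ = verify_evidence(record, log_path)

        return {
            "verified_before_change": ok_before,
            "verified_after_change": ok_after,
            "custody_entries": len(record["custody"]),
            "hash_length": len(record["sha256"]),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The record is written as append-only JSON so that a reviewer can reproduce the verification step independently; any mismatch between the acquisition hash and a later re-hash means the item can no longer be presented as the original.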

Attachment: incident_response_and_computer_forensics.docx
Reflection
The incident response team is crucial to any organization, and its activities require the utmost ethical responsibility to protect every stakeholder involved. While prevention is the best cure, not every incident can be anticipated; the incident response team is responsible for dealing with often confidential information in a highly stressful environment.
Decision-makers rely on evidence collected by Incident Response teams to make sound judgments. It is the ethical responsibility of every cyber security professional to cooperate and be as available as needed while the incident is investigated and evidence is collected. I truly enjoyed the course and learned how to collect evidence, safeguard it, and collaborate with various teams, which will help me advance my career.